{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-70887", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-25T18:55:32.212Z", "dateReserved": "2026-01-09T00:00:00.000Z", "datePublished": "2026-03-25T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-25T18:55:32.212Z"}, "descriptions": [{"lang": "en", "value": "An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signed_data.py and the context.py components"}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/ralphje/signify/issues/60"}, {"url": "https://github.com/ralphje/signify/commit/64f21c0cc06cea0536370686ca3ba7a01e4adaa8"}, {"url": "https://github.com/mtrojnar/osslsigncode/issues/475"}, {"url": "https://github.com/mtrojnar/osslsigncode/pull/477"}, {"url": "https://github.com/mtrojnar/osslsigncode/releases/tag/2.11"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signed_data.py and the context.py components"}], "id": "CVE-2025-70887", "lastModified": "2026-03-25T19:16:28.130", "metrics": {}, "published": "2026-03-25T19:16:28.130", "references": [{"source": "cve@mitre.org", "url": "https://github.com/mtrojnar/osslsigncode/issues/475"}, {"source": "cve@mitre.org", "url": "https://github.com/mtrojnar/osslsigncode/pull/477"}, {"source": "cve@mitre.org", "url": "https://github.com/mtrojnar/osslsigncode/releases/tag/2.11"}, {"source": "cve@mitre.org", "url": "https://github.com/ralphje/signify/commit/64f21c0cc06cea0536370686ca3ba7a01e4adaa8"}, {"source": "cve@mitre.org", "url": "https://github.com/ralphje/signify/issues/60"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received"}

{}

{"analysis": {"en": {"generated_at": "2026-03-25T20:28:35.414304+00:00", "value": {"mitigation_remediation": ["Upgrade Signify to version 0.9.2 or later to remove the vulnerability", "If an upgrade is not possible, restrict execution of signed_data.py and context.py to trusted users or environments", "Verify the integrity of signified files and restrict that only signed files from trusted sources are processed", "Monitor audit logs for unexpected execution of signing components", "Apply general principle of least privilege when running Signify"], "summary": {"action": "Patch Immediately", "impact": "Remote Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The affected product is Signify, a signing utility used for verifying and creating digital signatures. Versions prior to 0.9.2, including release 0.9.1 and earlier, are vulnerable. Any deployment of Signify that incorporates the unpatched signed_data.py and context.py modules is at risk, regardless of operating system.", "description_and_impact": "An issue exists in the Signify signing tool before version 0.9.2 that allows a remote attacker to leverage code paths in the signed_data.py and context.py components to execute arbitrary actions with elevated privileges. The flaw stems from improper handling of signed data input and context parameters, providing a vector for privilege escalation. The impact is that an attacker who can influence the signing process may gain higher-level access or control over the system, potentially compromising confidentiality, integrity, and availability.", "risk_and_exploitability": "No CVSS score or EPSS data is publicly available for this vulnerability, and it is not listed in the CISA Known Exploited Vulnerabilities catalog. The likely attack vector is remote; an adversary can supply crafted signed data or manipulate context parameters to trigger the privilege escalation. Because the flaw permits the execution of additional code with elevated rights, the potential damage is high. Current evidence suggests exploitation is feasible, but the exact difficulty depends on the attacker's ability to influence the signing context and the protection mechanisms in place."}}}}, "created": "2026-03-25T20:56:56.436992+00:00", "title": "Remote Privilege Escalation via Signed Data Handling in Signify", "updated": "2026-03-25T20:56:56.437020+00:00", "vendors": [], "weaknesses": ["CWE-264"]}